Abstract. Arithmetic automata recognize infinite words of digits denoting
decompositions of real and integer vectors. These automata are known to be
expressive and efficient enough to represent the whole set of solutions of
complex linear constraints combining both integral and real variables. In this
paper, the closed convex hull of arithmetic automata is proved rational
polyhedral. Moreover an algorithm computing the linear constraints defining
this convex set is provided. Such an algorithm is useful for effectively
extracting geometrical properties of the whole set of solutions of complex
constraints symbolically represented by arithmetic automata.



1 Introduction 

The most significant digit first decomposition provides a natural way to
associate finite words of digits to any integer. Naturally, such a
decomposition can be extended to real values just by considering infinite
words rather than finite ones. Intuitively, an infinite word denotes the
potentially infinite decimal part of a real number. Last but not least, the
most significant digit first decomposition can be extended to real vectors
just by interleaving the decomposition of each component into a single
infinite word.

Arithmetic automata are Muller automata that recognize infinite words of most
significant digit first decompositions of real vectors in a fixed basis of
decomposition $r \geq 2$ (for instance $r = 2$ and $r = 10$ are two classical
bases of decomposition). Sets symbolically representable by arithmetic
automata in basis $r$ are logically characterized [BRW98] as the sets
definable in the first order theory $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq, X_r)$
where $X_r$ is an additional predicate depending on the basis of decomposition
$r$. In practice, arithmetic automata are usually used for the first order
additive theory $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$ where $X_r$ is
discarded. In fact this theory allows expressing complex linear constraints
combining both integral and real variables that can be represented by
particular Muller automata called deterministic weak Büchi automata [BJW05].
This subclass of Muller automata has interesting algorithmic properties. In
fact, compared to the general class, deterministic weak Büchi automata can be
minimized (for the number of states) into a unique canonical form with roughly
the same algorithm used for automata recognizing finite words. In particular,
these arithmetic automata are well adapted to symbolically represent sets
definable in $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$ obtained after
many operations (boolean combinations, quantifications). In fact, since the
obtained arithmetic automaton only depends on the represented set and not on
the potentially long sequence of operations used to compute this set, we avoid
unduly complicated arithmetic automata. Intuitively, the automaton
minimization algorithm performs like a simplification procedure for
$\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$. In particular arithmetic
automata are adapted to the symbolic model checking approach computing
inductively reachability sets of systems manipulating counters [BLP06] and/or
clocks [BH06]. In practice algorithms for effectively computing an arithmetic
automaton encoding the solutions of formulas in
$\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$ have been recently successfully
implemented in the tools Lash and Lira [BDEK07]. Unfortunately, interesting
qualitative properties are difficult to extract from arithmetic automata.
Actually, operations that can be performed on the arithmetic automata computed
by the tools Lash and Lira are limited to the universality and the emptiness
checking (when the set symbolically represented is not empty these tools can
also compute a real vector in this set).

Extracting geometrical properties from an arithmetic automaton representing a
set $X \subseteq \mathbb{R}^m$ is a complex problem even if $X$ is definable
in $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$. Let us recall related works
to this problem. Using a Karr based algorithm [Kar76], the affine hull of $X$
has been proved efficiently computable in polynomial time [Ler04] (even if
this result is limited to the special case $X \subseteq \mathbb{N}^m$, it can
be easily extended to any arithmetic automata). When
$X = \mathbb{Z}^m \cap C$ where $C$ is a rational polyhedral convex set
(intuitively when $X$ is equal to the integral solutions of linear constraint
systems), it has been proved in [Lat04] that we can effectively compute in
exponential time a rational polyhedral convex set $C'$ such that
$X = \mathbb{Z}^m \cap C'$. Note that this worst case complexity in theory is
not a real problem in practice since the algorithm presented in [Lat04]
performs well on automata with more than 100 000 states. In [Lug04] this
result was extended to sets $X = F + L$ where $F$ is a finite set of integral
vectors and $L$ is a linear set. In [FL05], closed convex hulls of sets
$X \subseteq \mathbb{Z}^m$ represented by arithmetic automata are proved
rational polyhedral and effectively computable in exponential time. Note that
compared to [Lat04], it is not clear that this result can be turned into an
efficient algorithm. More recently [Ler05], we provided an algorithm for
effectively computing in polynomial time a formula in the Presburger theory
$\mathrm{FO}(\mathbb{Z}, +, \leq)$ when $X \subseteq \mathbb{Z}^m$ is
Presburger-definable. This algorithm has been successfully implemented in
TaPAS [LP08] (The Talence Presburger Arithmetic Suite) and it can be applied
on any arithmetic automata encoding a set $X \subseteq \mathbb{Z}^m$ with more
than 100 000 states. Actually, the tool decides if an input arithmetic
automaton denotes a Presburger-definable set and in this case it returns a
formula denoting this set.

In this paper we prove that the closed convex hulls of sets symbolically
represented by arithmetic automata are rational polyhedral and effectively
computable in exponential time in the worst case. Note that whereas the closed
convex hull of a set definable in $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$
can be easily proved rational polyhedral (thanks to quantification
eliminations), it is difficult to prove that the closed convex hulls of
arithmetic automata are rational polyhedral. We also provide an algorithm for
computing this set. Our algorithm is based on the reduction of the closed
convex hull computation to data-flow analysis problems. Note that a widening
operator is usually used in order to speed up the iterative computation of
solutions of such a problem. However, the use of widening operators may lead
to loss of precision in the analysis. Our algorithm is based on acceleration
in convex data-flow analysis [LS07b, LS07a]. Recall that acceleration consists
in computing the exact effect of some control-flow cycles in order to speed up
the Kleene fix-point iteration.

Outline of the paper: In section 2 the most significant digit first
decomposition is extended to any real vector and we introduce the arithmetic
automata. In section 3 we provide the closed convex hull computation reduction
to (1) a data-flow analysis problem and (2) the computation of the closed
convex hull of arithmetic automata representing only decimal values and having
a trivial accepting condition. In section 4 we provide an algorithm for
computing the closed convex hull of such an arithmetic automaton. Finally in
section 5 we prove that the data-flow analysis problem introduced by the
reduction can be solved precisely with an accelerated Kleene fix-point
iteration algorithm. Most proofs are only sketched in the paper, but detailed
proofs are given in appendix. This paper is the long version of the SAS 2008
paper.

2 Arithmetic Automata 

This section introduces arithmetic automata (see Fig. 1). These automata
recognize infinite words of digits denoting most significant digit first
decompositions of real and integer vectors.

As usual, we respectively denote by $\mathbb{Z}$, $\mathbb{Q}$ and
$\mathbb{R}$ the sets of integers, rational and real numbers and we denote by
$\mathbb{N}$, $\mathbb{Q}_+$, $\mathbb{R}_+$ the restrictions of $\mathbb{Z}$,
$\mathbb{Q}$, $\mathbb{R}$ to the non-negatives. The components of an $m$-dim
vector $x$ are denoted by $x[1], \ldots, x[m]$.

We first provide some definitions about regular sets of infinite words. We
denote by $\Sigma$ a non-empty finite set called an alphabet. An infinite word
$w$ over $\Sigma$ is a function $w \in \mathbb{N} \to \Sigma$ defined over
$\mathbb{N} \setminus \{0\}$ and a finite word $\sigma$ over $\Sigma$ is a
function $\sigma \in \mathbb{N} \to \Sigma$ defined over a set
$\{1, \ldots, k\}$ where $k \in \mathbb{N}$ is called the length of $\sigma$
and denoted by $|\sigma|$. In this paper, a finite word over $\Sigma$ is
denoted by $\sigma$ with some subscript indices and an infinite word over
$\Sigma$ is denoted by $w$. As usual $\Sigma^*$ and $\Sigma^\omega$
respectively denote the set of finite words and the set of infinite words over
$\Sigma$. The concatenation of two finite words
$\sigma_1, \sigma_2 \in \Sigma^*$ and the concatenation of a finite word
$\sigma \in \Sigma^*$ with an infinite word $w \in \Sigma^\omega$ are denoted
by $\sigma_1 \sigma_2$ and $\sigma w$.

A graph labelled by $\Sigma$ is a tuple $G = (Q, \Sigma, T)$ where $Q$ is a
non empty finite set of states and $T \subseteq Q \times \Sigma \times Q$ is a
set of transitions. A finite path $\pi$ in a graph $G$ is a finite word
$\pi = t_1 \ldots t_k$ of $k \geq 0$ transitions $t_i \in T$ such that there
exists a sequence $q_0, \ldots, q_k \in Q$ and a sequence
$a_1, \ldots, a_k \in \Sigma$ such that $t_i = (q_{i-1}, a_i, q_i)$ for any
$1 \leq i \leq k$. The finite word $\sigma = a_1 \ldots a_k$ is called the
label of $\pi$ and such a path $\pi$ is also denoted by
$q_0 \xrightarrow{\sigma} q_k$ or just $q_0 \to q_k$. We also say that $\pi$
is a path starting from $q_0$ and terminating in $q_k$. When $q_0 = q_k$ and
$k \geq 1$, the path $\pi$ is called a cycle on $q_0$. Such a cycle is said
simple if the states $q_0, \ldots, q_{k-1}$ are distinct. Given an integer
$m \geq 1$, a graph $G$ is called an $m$-graph if $m$ divides the length of
any cycle in $G$.

An infinite path $\theta$ is an infinite word of transitions such that any
prefix $\pi_k = \theta(1) \ldots \theta(k)$ is a finite path. The unique
infinite word $w \in \Sigma^\omega$ such that $\sigma_k = w(1) \ldots w(k)$ is
the label of the finite path $\pi_k$ for any $k \in \mathbb{N}$ is called the
label of $\theta$. We say that $\theta$ is starting from $q_0$ if $q_0$ is the
unique state such that any prefix of $\theta$ is starting from $q_0$. In the
sequel, a finite path is denoted by $\pi$ and an infinite path is denoted by
$\theta$. The set of infinite paths starting from $q_0$ is naturally denoted
with the capital letter $\Theta_G(q_0)$. The set $F$ of states $q \in Q$ such
that there exists an infinite number of prefixes of $\theta$ terminating in
$q$ is called the set of states visited infinitely often by $\theta$. Such a
path is denoted by $q_0 \xrightarrow{w} F$ or just $q_0 \to F$.

A Muller automaton $A$ is a tuple $A = (Q, \Sigma, T, Q_0, \mathcal{F})$ where
$(Q, \Sigma, T)$ is a graph, $Q_0 \subseteq Q$ is the initial condition and
$\mathcal{F} \subseteq \mathcal{P}(Q)$ is the accepting condition. The
language $L(A) \subseteq \Sigma^\omega$ recognized by a Muller automaton $A$
is the set of infinite words $w \in \Sigma^\omega$ such that there exists an
infinite path $q_0 \xrightarrow{w} F$ with $q_0 \in Q_0$ and
$F \in \mathcal{F}$.




Fig. 1. On the left, the rational polyhedral convex set
$C = \{x \in \mathbb{R}^2 \mid 3x[1] > x[2] \wedge x[2] \geq 0\}$ in gray and
the set $X = \mathbb{Z}^2 \cap C$ of integers depicted by black bullets. On
the center, an arithmetic automaton symbolically representing $X$ in basis 2.
On the right, the closed convex hull of $X$ equals to
$\mathrm{cl} \circ \mathrm{conv}(X) = \{x \in \mathbb{R}^2 \mid 3x[1] \geq x[2] + 1 \wedge x[2] \geq 0 \wedge x[1] \geq 1\}$
represented in gray.



Now, we introduce the most significant digit first decomposition of real
vectors. In the sequel $m \geq 1$ is an integer called the dimension,
$r \geq 2$ is an integer called the basis of decomposition,
$\Sigma_r = \{0, \ldots, r-1\}$ is called the alphabet of $r$-digits, and
$S_r = \{0, r-1\}$ is called the alphabet of sign $r$-digits. The most
significant $r$-digit first decomposition provides a natural way to associate
to any real vector $x \in \mathbb{R}^m$ a tuple
$(s, \sigma, w) \in S_r^m \times (\Sigma_r^m)^* \times \Sigma_r^\omega$.
Intuitively $(s, \sigma)$ and $w$ are respectively associated to an integer
vector $z \in \mathbb{Z}^m$ and a decimal vector $d \in [0, 1]^m$ satisfying
$x = z + d$. Moreover, $s[i] = 0$ corresponds to $z[i] \geq 0$ and
$s[i] = r-1$ corresponds to $z[i] < 0$. More formally, a most significant
$r$-digit first decomposition of a real vector $x \in \mathbb{R}^m$ is a tuple
$(s, \sigma, w) \in S_r^m \times (\Sigma_r^m)^* \times \Sigma_r^\omega$ such
that for any $1 \leq i \leq m$, we have:

a;[?J = r ™ h 2^ J' cr(™U 

~ J=l 

The previous equality is divided in two parts by introducing the functions
$\lambda_{r,m} \in \Sigma_r^\omega \to [-1, 0]^m$ and
$\gamma_{r,m} \in S_r^m \times (\Sigma_r^m)^* \to \mathbb{Z}^m$ defined for
any $1 \leq i \leq m$ by the following equalities. Note the sign in front of
the definition of $\lambda_{r,m}$. This sign simplifies the presentation of
this paper and it is motivated in the sequel.

-Xr,m{w)\i] 
7r,m(s,Cr)[i] 

Definition 2.1 ([BRW98]). An arithmetic automaton $A$ in basis $r$ and in
dimension $m$ is a Muller automaton over the alphabet
$\Sigma_r \cup \{\star\}$ that recognizes a language
$L \subseteq S_r^m \star (\Sigma_r^m)^* \star \Sigma_r^\omega$. The following
set $X \subseteq \mathbb{R}^m$ is called the set symbolically represented by
$A$:

$$X = \{\gamma_{r,m}(s, \sigma) - \lambda_{r,m}(w) \mid s \star \sigma \star w \in L\}$$

Example 2.2. The arithmetic automaton depicted in Fig. 1 symbolically
represents $X = \{x \in \mathbb{N}^2 \mid 3x[1] > x[2]\}$. This automaton has
been obtained automatically from the tool Lash through the tool-suite TaPAS
[LP08].

We observe that Real Vector Automata (RVA) and Number Decision Diagrams (NDD)
[BRW98] are particular classes of arithmetic automata. In fact, RVA and NDD
are arithmetic automata $A$ that symbolically represent sets $X$ included
respectively in $\mathbb{R}^m$ and $\mathbb{Z}^m$ and such that the accepted
languages $L(A)$ satisfy:

$$L(A) = \{s \star \sigma \star w \mid \gamma_{r,m}(s, \sigma) - \lambda_{r,m}(w) \in X\} \quad \text{if } A \text{ is a RVA}$$

$$L(A) = \{s \star \sigma \star 0^\omega \mid \gamma_{r,m}(s, \sigma) \in X\} \quad \text{if } A \text{ is a NDD}$$

Since in general a NDD is not a RVA and conversely a RVA is not a NDD, we
consider arithmetic automata in order to solve the closed convex hull
computation uniformly for these two classes. Note that simple (even if
computationally expensive) automata transformations show that sets
symbolically representable by arithmetic automata in basis $r$ are exactly the
sets symbolically representable by RVA in basis $r$. In particular [BRW98],
sets symbolically representable by arithmetic automata in basis $r$ are
exactly the sets definable in
$\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq, X_r)$ where
$X_r \subseteq \mathbb{R}^3$ is a basis dependent predicate defined in
[BRW98]. This characterization shows that arithmetic automata can symbolically
represent sets of solutions of complex linear constraints combining both
integral and real values. Recall that the construction of arithmetic automata
from formulae in $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq, X_r)$ is
effective and the tools Lash and Lira [BDEK07] implement efficient algorithms
for the restricted logic $\mathrm{FO}(\mathbb{R}, \mathbb{Z}, +, \leq)$. The
predicate $X_r$ is discarded in these tools in order to obtain arithmetic
automata that are deterministic weak Büchi automata [BJW05]. In fact these
automata have interesting algorithmic properties (minimization and
deterministic form).

3 Reduction to Data-Flow Analysis Problems 

In this section we reduce the computation of the closed convex hull of sets
symbolically represented by arithmetic automata to data-flow analysis
problems.

We first recall some general notions about complete lattices. Recall that a
complete lattice is any partially ordered set $(A, \sqsubseteq)$ such that
every subset $X \subseteq A$ has a least upper bound $\bigsqcup X$ and a
greatest lower bound $\bigsqcap X$. The supremum $\bigsqcup A$ and the infimum
$\bigsqcap A$ are respectively denoted by $\top$ and $\bot$. A function
$f \in A \to A$ is monotonic if $f(x) \sqsubseteq f(y)$ for all
$x \sqsubseteq y$ in $A$. For any complete lattice $(A, \sqsubseteq)$ and any
set $Q$, we also denote by $\sqsubseteq$ the partial order on $Q \to A$
defined as the point-wise extension of $\sqsubseteq$, i.e.
$f \sqsubseteq g$ iff $f(q) \sqsubseteq g(q)$ for all $q \in Q$. The partially
ordered set $(Q \to A, \sqsubseteq)$ is also a complete lattice, with lub
$\bigsqcup$ and glb $\bigsqcap$ satisfying
$(\bigsqcup F)(s) = \bigsqcup \{f(s) \mid f \in F\}$ and
$(\bigsqcap F)(s) = \bigsqcap \{f(s) \mid f \in F\}$ for any subset
$F \subseteq Q \to A$.

Now, we recall notions about the complete lattice of closed convex sets. A
function $f \in \mathbb{R}^n \to \mathbb{R}^m$ is said linear if there exists
a sequence $(M_{i,j})_{i,j}$ of reals indexed by $1 \leq i \leq m$ and
$1 \leq j \leq n$ and a sequence $(v_i)_i$ of reals indexed by
$1 \leq i \leq m$ such that
$f(x)[i] = \sum_{j=1}^{n} M_{i,j} x[j] + v_i$ for any $x \in \mathbb{R}^n$
and for any $1 \leq i \leq m$. When the coefficients $(M_{i,j})_{i,j}$ and
$(v_i)_i$ are rational, the linear function $f$ is said rational. The function
$f' \in \mathbb{R}^n \to \mathbb{R}^m$ defined by
$f'(x)[i] = \sum_{j=1}^{n} M_{i,j} x[j]$ for any $x \in \mathbb{R}^n$ and for
any $1 \leq i \leq m$ is called the uniform form of $f$.

A set $R \subseteq \mathbb{R}^m$ is said closed if the limit of any convergent
sequence of vectors in $R$ is in $R$. Recall that any set
$X \subseteq \mathbb{R}^m$ is included in a minimal for the inclusion closed
set. This closed set is called the topological closure of $X$ and it is
denoted by $\mathrm{cl}(X)$. Let us recall some notions about convex sets (for
more details, see [Sch87]). A convex combination of $k \geq 1$ vectors
$x_1, \ldots, x_k \in \mathbb{R}^m$ is a vector $x$ such that there exists
$r_1, \ldots, r_k \in \mathbb{R}_+$ satisfying $r_1 + \cdots + r_k = 1$ and
$x = r_1 x_1 + \cdots + r_k x_k$. A set $C \subseteq \mathbb{R}^m$ is said
convex if any convex combination of vectors in $C$ is in $C$. Recall that any
$X \subseteq \mathbb{R}^m$ is included in a minimal for the inclusion convex
set. This convex set is called the convex hull of $X$ and it is denoted by
$\mathrm{conv}(X)$. A convex set $C \subseteq \mathbb{R}^m$ is said rational
polyhedral if there exists a rational linear function
$f \in \mathbb{R}^m \to \mathbb{R}^n$ such that $C$ is the set of vectors
$x \in \mathbb{R}^m$ such that $\bigwedge_{i=1}^{n} f(x)[i] \leq 0$. Recall
that $\mathrm{cl}(\mathrm{conv}(X)) = \mathrm{conv}(\mathrm{cl}(X))$,
$\mathrm{cl}(f(X)) = f(\mathrm{cl}(X))$ and
$\mathrm{conv}(f(X)) = f(\mathrm{conv}(X))$ for any
$X \subseteq \mathbb{R}^m$ and for any linear function
$f \in \mathbb{R}^m \to \mathbb{R}^n$. The class of closed convex subsets of
$\mathbb{R}^m$ is written $\mathcal{C}_m$. We denote by $\sqsubseteq$ the
inclusion partial order on $\mathcal{C}_m$. Observe that
$(\mathcal{C}_m, \sqsubseteq)$ is a complete lattice, with lub $\bigsqcup$ and
glb $\bigsqcap$ satisfying
$\bigsqcup \mathcal{C} = \mathrm{cl} \circ \mathrm{conv}(\bigcup \mathcal{C})$
and $\bigsqcap \mathcal{C} = \bigcap \mathcal{C}$ for any subset
$\mathcal{C} \subseteq \mathcal{C}_m$.

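Example 3.1. Let $X = \mathbb{Z}^2 \cap C$ where $C$ is the convex set
$C = \{x \in \mathbb{R}^2 \mid 3x[1] > x[2] \wedge x[2] \geq 0\}$ (see
Fig. 1). Observe that
$\mathrm{cl} \circ \mathrm{conv}(X) = \{x \in \mathbb{R}^2 \mid 3x[1] \geq x[2] + 1 \wedge x[2] \geq 0 \wedge x[1] \geq 1\}$
is strictly included in $C$.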



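In the previous section, we introduced two functions $\lambda_{r,m}$ and
$\gamma_{r,m}$. Intuitively these functions "compute" respectively decimal
vectors associated to infinite words and integer vectors associated to finite
words equipped with sign vectors. We now introduce two functions
$\Lambda_{r,m,\sigma}$ and $\Gamma_{r,m,\sigma}$ that "partially compute" the
same vectors as $\lambda_{r,m}$ and $\gamma_{r,m}$. More formally, let us
consider the unique sequences $(\Lambda_{r,m,\sigma})_{\sigma \in \Sigma_r^*}$
and $(\Gamma_{r,m,\sigma})_{\sigma \in \Sigma_r^*}$ of linear functions
$\Lambda_{r,m,\sigma}, \Gamma_{r,m,\sigma} \in \mathbb{R}^m \to \mathbb{R}^m$
inverse of each other and satisfying
$\Lambda_{r,m,\sigma_1 \sigma_2} = \Lambda_{r,m,\sigma_1} \circ \Lambda_{r,m,\sigma_2}$,
$\Gamma_{r,m,\sigma_1 \sigma_2} = \Gamma_{r,m,\sigma_2} \circ \Gamma_{r,m,\sigma_1}$
for any $\sigma_1, \sigma_2 \in \Sigma_r^*$, such that
$\Lambda_{r,m,\epsilon}$ and $\Gamma_{r,m,\epsilon}$ are the identity function
and such that $\Lambda_{r,m,a}$ and $\Gamma_{r,m,a}$ with $a \in \Sigma_r$
satisfy the following equalities where $x \in \mathbb{R}^m$:

$$\Lambda_{r,m,a}(x) = \left(\frac{x[m] - a}{r},\ x[1],\ \ldots,\ x[m-1]\right)$$

$$\Gamma_{r,m,a}(x) = \left(x[2],\ \ldots,\ x[m],\ r\,x[1] + a\right)$$

We first prove the following two equalities (1) and (2) that explain the link
between the notations $\lambda_{r,m}$ and $\gamma_{r,m}$ and their capital
forms $\Lambda_{r,m,\sigma}$ and $\Gamma_{r,m,\sigma}$. Observe that
$\Lambda_{r,m,a}(\lambda_{r,m}(w)) = \lambda_{r,m}(aw)$ for any
$a \in \Sigma_r$ and for any $w \in \Sigma_r^\omega$. An immediate induction
over the length of $\sigma \in \Sigma_r^*$ provides equality (1). Note also
that $\Gamma_{r,m,a_1 \ldots a_m}(x) = r x + (a_1, \ldots, a_m)$ for any
$a_1, \ldots, a_m \in \Sigma_r$. Thus an immediate induction provides
equality (2).

$$\lambda_{r,m}(\sigma w) = \Lambda_{r,m,\sigma}(\lambda_{r,m}(w)) \qquad \forall \sigma \in \Sigma_r^* \;\; \forall w \in \Sigma_r^\omega \qquad (1)$$

$$\gamma_{r,m}(s, \sigma) = \Gamma_{r,m,\sigma}\left(\frac{s}{1-r}\right) \qquad \forall \sigma \in (\Sigma_r^m)^* \;\; \forall s \in S_r^m \qquad (2)$$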



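We now reduce the computation of the closed convex hull $C$ of a set
$X \subseteq \mathbb{R}^m$ represented by an arithmetic automaton
$A = (Q, \Sigma, T, Q_0, \mathcal{F})$ in basis $r$ to data-flow analysis
problems. We can assume w.l.o.g. that $(Q, \Sigma, T)$ is a $m$-graph. As the
language recognized by $A$ is included in
$S_r^m \star (\Sigma_r^m)^* \star \Sigma_r^\omega$, the set of states can be
partitioned into sets depending intuitively on the number of occurrences
$|\sigma|_\star$ of the $\star$ symbol in a word $\sigma \in \Sigma^*$. More
formally, we consider the set $Q_S$ of states reading signs, the set $Q_I$
reading integers, and the set $Q_D$ reading decimals defined by:

$$Q_S = \{q \in Q \mid \exists (q_0, \sigma, F) \in Q_0 \times \Sigma^* \times \mathcal{F} \;\; |\sigma|_\star = 0 \wedge q_0 \xrightarrow{\sigma} q \to F\}$$

$$Q_I = \{q \in Q \mid \exists (q_0, \sigma, F) \in Q_0 \times \Sigma^* \times \mathcal{F} \;\; |\sigma|_\star = 1 \wedge q_0 \xrightarrow{\sigma} q \to F\}$$

$$Q_D = \{q \in Q \mid \exists (q_0, \sigma, F) \in Q_0 \times \Sigma^* \times \mathcal{F} \;\; |\sigma|_\star = 2 \wedge q_0 \xrightarrow{\sigma} q \to F\}$$

We also consider the $m$-graphs $G_S$, $G_I$ and $G_D$ obtained by restricting
$G$ respectively to the states $Q_S$, $Q_I$ and $Q_D$ and formally defined by:

$$G_S = (Q_S, S_r, T_S) \text{ with } T_S = T \cap (Q_S \times S_r \times Q_S)$$

$$G_I = (Q_I, \Sigma_r, T_I) \text{ with } T_I = T \cap (Q_I \times \Sigma_r \times Q_I)$$

$$G_D = (Q_D, \Sigma_r, T_D) \text{ with } T_D = T \cap (Q_D \times \Sigma_r \times Q_D)$$

Example 3.2. $Q_S = \{-2, -1, 0\}$, $Q_I = \{1, \ldots, 9\}$ and
$Q_D = \{a, b\}$ in Fig. 1.

The closed convex hull $C = \mathrm{cl} \circ \mathrm{conv}(X)$ is obtained
from the valuations $C_I \in Q_I \to \mathcal{C}_m$ and
$C_D \in Q_D \to \mathcal{C}_m$ defined by
$C_I = \mathrm{cl} \circ \mathrm{conv}(X_I)$ and
$C_D = \mathrm{cl} \circ \mathrm{conv}(X_D)$ where $X_I$ and $X_D$ are given
by:

$$X_I(q_I) = \left\{\Gamma_{r,m,\sigma}\left(\frac{s}{1-r}\right) \;\middle|\; s \in S_r^m \;\; \sigma \in \Sigma_r^* \;\; \exists q_0 \in Q_0 \;\; q_0 \xrightarrow{s \star \sigma} q_I\right\}$$

$$X_D(q_D) = \left\{\lambda_{r,m}(w) \;\middle|\; w \in \Sigma_r^\omega \;\; \exists F \in \mathcal{F} \;\; q_D \xrightarrow{w} F\right\}$$

In fact from the definition of arithmetic automata we get:

$$C = \bigsqcup_{(q_I, \star, q_D) \in T} C_I(q_I) - C_D(q_D)$$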

We now provide data-flow analysis problems whose $C_I$ and $C_D$ are
solutions. Observe that $m$-graphs naturally denote control-flow graphs.
Before associating semantics to $m$-graph transitions, we first show that
$C_I$ and $C_D$ are some fix-point solutions. As
$\mathrm{cl} \circ \mathrm{conv}$ and $\Gamma_{r,m,a}$ are commutative, from
the inclusion $\Gamma_{r,m,a}(X_I(q_1)) \subseteq X_I(q_2)$ we deduce that
$C_I$ satisfies the relation $\Gamma_{r,m,a}(C_I(q_1)) \sqsubseteq C_I(q_2)$
for any transition $(q_1, a, q_2) \in T_I$. Symmetrically, as
$\mathrm{cl} \circ \mathrm{conv}$ and $\Lambda_{r,m,a}$ are commutative, from
the inclusion $\Lambda_{r,m,a}(X_D(q_2)) \subseteq X_D(q_1)$, we deduce that
$\Lambda_{r,m,a}(C_D(q_2)) \sqsubseteq C_D(q_1)$ for any transition
$(q_1, a, q_2) \in T_D$. Intuitively $C_I$ and $C_D$ are two fix-point
solutions of different systems. More formally, we associate two distinct
semantics to a transition $t = (q_1, a, q_2)$ of a $m$-graph
$G = (Q, \Sigma_r, T)$ by considering the monotonic functions
$\Lambda_{G,m,t}$ and $\Gamma_{G,m,t}$ over the complete lattice
$(Q \to \mathcal{C}_m, \sqsubseteq)$ defined for any
$C \in Q \to \mathcal{C}_m$ and for any $q \in Q$ by the following equalities:

$$\Lambda_{G,m,t}(C)(q) = \begin{cases} \Lambda_{r,m,a}(C(q_2)) & \text{if } q = q_1 \\ C(q) & \text{if } q \neq q_1 \end{cases}$$

$$\Gamma_{G,m,t}(C)(q) = \begin{cases} \Gamma_{r,m,a}(C(q_1)) & \text{if } q = q_2 \\ C(q) & \text{if } q \neq q_2 \end{cases}$$

Observe that $C_D$ is a fix-point solution of the data-flow problem
$\Lambda_{G_D,m,t}(C_D) \sqsubseteq C_D$ for any transition $t \in T_D$ and
$C_I$ is a fix-point solution of the data-flow problem
$\Gamma_{G_I,m,t}(C_I) \sqsubseteq C_I$ for any transition $t \in T_I$. In the
next sections 3.1 and 3.2 we show that $C_D$ and $C_I$ can be characterized by
these two data-flow analysis problems.

3.1 Reduction for $C_D$

The computation of $C_D$ is reduced to a data-flow analysis problem for the
$m$-graph $G_D$ equipped with the semantics
$(\Lambda_{G_D,m,t})_{t \in T_D}$.

Given an infinite path $\theta$ labelled by $w$, we denote by
$\lambda_{r,m}(\theta)$ the vector $\lambda_{r,m}(w)$. Given a $m$-graph $G$
labelled by $\Sigma_r$, we denote by $\Lambda_{G,m}$ the valuation
$\mathrm{cl} \circ \mathrm{conv}(\lambda_{r,m}(\Theta_G))$ (recall that
$\Theta_G(q)$ denotes the set of infinite paths starting from $q$). This
notation is motivated by the following Proposition 3.3.

Proposition 3.3. The valuation $\Lambda_{G,m}$ is the unique minimal valuation
$C \in Q \to \mathcal{C}_m$ such that $\Lambda_{G,m,t}(C) \sqsubseteq C$ for
any transition $t \in T$ and such that $C(q) \neq \emptyset$ for any state
$q \in Q$ satisfying $\Theta_G(q) \neq \emptyset$.

The following Proposition 3.4 provides the reduction.

Proposition 3.4. $C_D = \Lambda_{G_D,m}$

Proof. We have previously proved that
$\Lambda_{G_D,m,t}(C_D) \sqsubseteq C_D$ for any transition $t \in T_D$.
Moreover, as $C_D(q_D) \neq \emptyset$ for any $q_D \in Q_D$, we deduce the
relation $\Lambda_{G_D,m} \sqsubseteq C_D$ by minimality of
$\Lambda_{G_D,m}$. For the other relation, just observe that
$X_D \subseteq \lambda_{r,m}(\Theta_{G_D})$ and apply
$\mathrm{cl} \circ \mathrm{conv}$. □

3.2 Reduction for $C_I$

The computation of $C_I$ is reduced to data-flow analysis problems for the
$m$-graphs $G_S$ and $G_I$ respectively equipped with the semantics
$(\Gamma_{G_S,m,t})_{t \in T_S}$ and $(\Gamma_{G_I,m,t})_{t \in T_I}$.

Given a $m$-graph $G = (Q, \Sigma_r, T)$ and an initial valuation
$C_0 \in Q \to \mathcal{C}_m$, it is well-known from Knaster-Tarski's theorem
that there exists a unique minimal valuation $C \in Q \to \mathcal{C}_m$ such
that $C_0 \sqsubseteq C$ and $\Gamma_{G,m,t}(C) \sqsubseteq C$ for any
$t \in T$. We denote by $\Gamma_{G,m}(C_0)$ this unique valuation.

Symmetrically to the definitions of $C_I$ and $C_D$ we also consider the
valuation $C_S \in Q_S \to \mathcal{C}_m$ defined by
$C_S = \mathrm{cl} \circ \mathrm{conv}(X_S)$ where $X_S$ is given by:

$$X_S(q_S) = \left\{\Gamma_{r,m,s}(0, \ldots, 0) \;\middle|\; s \in S_r^* \;\; \exists q_0 \in Q_0 \;\; q_0 \xrightarrow{s} q_S\right\}$$

The reduction comes from the following Proposition 3.5 where
$C_{S,0} \in Q_S \to \mathcal{C}_m$ and $C_{I,0} \in Q_I \to \mathcal{C}_m$
are the following two initial valuations:



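Proposition 3.5. $C_S = \Gamma_{G_S,m}(C_{S,0})$ and
$C_I = \Gamma_{G_I,m}(C_{I,0})$.

Proof. First observe that $X_S \subseteq \Gamma_{G_S,m}(C_{S,0})$ and
$X_I \subseteq \Gamma_{G_I,m}(C_{I,0})$. Thus
$C_S \sqsubseteq \Gamma_{G_S,m}(C_{S,0})$ and
$C_I \sqsubseteq \Gamma_{G_I,m}(C_{I,0})$ by applying
$\mathrm{cl} \circ \mathrm{conv}$. Finally, as $\Gamma_{r,m,a}$ and
$\mathrm{cl} \circ \mathrm{conv}$ are commutative, we deduce that
$\Gamma_{G_S,m,t}(C_S) \sqsubseteq C_S$ for any $t \in T_S$ and
$\Gamma_{G_I,m,t}(C_I) \sqsubseteq C_I$ for any $t \in T_I$. The minimality of
$\Gamma_{G_S,m}(C_{S,0})$ and $\Gamma_{G_I,m}(C_{I,0})$ provide
$\Gamma_{G_S,m}(C_{S,0}) \sqsubseteq C_S$ and
$\Gamma_{G_I,m}(C_{I,0}) \sqsubseteq C_I$. □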

4 Infinite Paths Convex Hulls 

In this section G = {Q,Sr,T) is a m-graph. We prove that AG,mi<l) is equal 
to the convex hull of a finite set of rational vectors. Moreover, we provide an 
algorithm for computing the minimal sets Aq ^(g) C Q™ for every q £ Q such 
that AG,m — conv(ylQ ^) in exponential time in the worst case. 

A fry-pan in a graph $G$ is an infinite path
$\theta = t_1 \ldots t_i (t_{i+1} \ldots t_k)^\omega$ where $0 \leq i < k$ and
where $t_1 = (q_0 \to q_1), \ldots, t_k = (q_{k-1} \to q_k)$ are transitions
such that $q_k = q_i$. A fry-pan is said simple if $q_0, \ldots, q_{k-1}$ are
distinct states. The
finite set of simple fry-pans starting from q is denoted by As expected, 

we are going to prove that AG,m — conv(Ar,m(6'G)) and Xr,m{OG{q)) E Q™- 

We first prove that $\lambda_{r,m}(\theta)$ is rational for any fry-pan
$\theta$. Given $\sigma \in \Sigma_r^+$, the following Lemma 4.1 shows that
$\lambda_{r,m}(\sigma^\omega)$ is the unique solution of the rational linear
system $\Lambda_{r,m,\sigma}(x) = x$. In particular
$\lambda_{r,m}(\sigma^\omega)$ is a rational vector. From equality (1) we
deduce that the vector $\lambda_{r,m}(\theta)$ is rational for any fry-pan
$\theta$.

Lemma 4.1. $\lambda_{r,m}(\sigma^\omega)$ is the unique fix-point of
$\Lambda_{r,m,\sigma}$ for any $\sigma \in \Sigma_r^+$.

The following Proposition 4.2 (see the graphical support given in Fig. 2) is
used in the sequel for effectively computing $\Lambda_{G,m}$ thanks to a
fix-point iteration algorithm.

Proposition 4.2. Let $t = (q, a, q')$ be a transition and let $\theta'$ be a
simple fry-pan starting from $q'$ such that the fry-pan $t\theta'$ is not
simple. In this case there exists a minimal non-empty prefix $\pi$ of
$t\theta'$ terminating in $q$. Moreover the fry-pan $\theta$ such that
$t\theta' = \pi\theta$ and the fry-pan $\pi^\omega$ are simple and such that
$\Lambda_{r,m,a}(\lambda_{r,m}(\theta')) \in \mathrm{conv}(\{\lambda_{r,m}(\theta), \lambda_{r,m}(\pi^\omega)\})$.




qsEQs 



iqs,*,qi)&T 




Fig. 2. A graphical support for Proposition 4.2 where $\theta'$ denotes a
simple fry-pan starting from a state $q'$ and $t = (q, a, q')$ is a transition
such that the fry-pan $t\theta'$ is not simple. That means the state $q$ is
visited by $\theta'$. Note that $q$ is visited either once or infinitely
often. These two situations are depicted respectively on the top line and the
bottom line of the tabular.



Proof. As $t\theta'$ is not simple whereas $\theta'$ is simple we deduce that
there exists a decomposition of $t\theta'$ into $\pi\theta$ where $\pi$ is the
minimal non-empty prefix of $t\theta'$ terminating in $q$. Let $\pi$ be the
non empty path with the minimal length. Observe that $\pi$ is a simple cycle
and thus $\pi^\omega$ is a simple fry-pan. Moreover, as $\theta$ is a suffix
of the simple fry-pan $\theta'$, we also deduce that $\theta$ is a simple
fry-pan. Observe that $\lambda_{r,m}(t\theta') = \lambda_{r,m}(\pi\theta)$.
Moreover, as $\pi$ is a cycle in a $m$-graph we deduce that $m$ divides its
length. Denoting by $\sigma$ the label of $\pi$, we deduce that
$\sigma \in (\Sigma_r^m)^+$.

Now, observe that
$\Lambda_{r,m,\sigma}(x) = (1 - r^{-|\sigma|/m})\,\lambda_{r,m}(\sigma^\omega) + r^{-|\sigma|/m}\,x$
for any $x \in \mathbb{R}^m$. We deduce that
$\Lambda_{r,m,a}(\lambda_{r,m}(\theta')) = (1 - r^{-|\sigma|/m})\,\lambda_{r,m}(\pi^\omega) + r^{-|\sigma|/m}\,\lambda_{r,m}(\theta)$.
Thus
$\Lambda_{r,m,a}(\lambda_{r,m}(\theta')) \in \mathrm{conv}(\{\lambda_{r,m}(\theta), \lambda_{r,m}(\pi^\omega)\})$. □
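The following Python sketch is an added example, not code from the paper or from TaPAS. It uses only the definitions of $\Lambda_{r,m,a}$ and $\Gamma_{r,m,a}$ from Section 3 to compute $\lambda_{r,m}(\sigma^\omega)$ exactly as the fix-point of Lemma 4.1, and checks the convex-combination identity from the proof of Proposition 4.2. It works on path labels only (whether a fry-pan is simple is a graph property that is not modelled), and all function names and sample labels are assumptions made for the illustration.

```python
from fractions import Fraction


def Lambda(r, a, x):
    """Lambda_{r,m,a}(x) = ((x[m] - a)/r, x[1], ..., x[m-1])."""
    if not 0 <= a < r:
        raise ValueError("digit out of range for basis r")
    return ((x[-1] - a) / Fraction(r),) + tuple(x[:-1])


def Gamma(r, a, x):
    """Gamma_{r,m,a}(x) = (x[2], ..., x[m], r*x[1] + a), the inverse of Lambda."""
    return tuple(x[1:]) + (r * x[0] + a,)


def Lambda_word(r, sigma, x):
    """Lambda_{r,m,sigma}: since Lambda_{s1 s2} = Lambda_{s1} o Lambda_{s2},
    the last digit of sigma is applied first."""
    for a in reversed(sigma):
        x = Lambda(r, a, x)
    return tuple(x)


def periodic_value(r, m, sigma):
    """lambda_{r,m}(sigma^omega) as the unique fix-point of Lambda_{r,m,sigma}.

    Restricted here to non-empty sigma whose length is a multiple of m (labels
    of cycles in an m-graph). Then Lambda_sigma(x) = r^-k * x + c with
    k = |sigma|/m, so the fix-point is c / (1 - r^-k).
    """
    if not sigma or len(sigma) % m:
        raise ValueError("sigma must be non-empty with m dividing its length")
    k = len(sigma) // m
    c = Lambda_word(r, sigma, (Fraction(0),) * m)
    scale = 1 - Fraction(1, r ** k)
    return tuple(ci / scale for ci in c)


def fry_pan_value(r, m, prefix, cycle):
    """lambda_{r,m}(prefix . cycle^omega), obtained from equality (1)."""
    return Lambda_word(r, prefix, periodic_value(r, m, cycle))


def convex_weight(p, a, b):
    """Return t in [0, 1] with p = (1 - t)*a + t*b, or None if p is not in
    conv({a, b})."""
    if a == b:
        return Fraction(0) if p == a else None
    i = next(j for j in range(len(a)) if a[j] != b[j])
    t = (p[i] - a[i]) / (b[i] - a[i])
    on_segment = 0 <= t <= 1 and all(
        p[j] == (1 - t) * a[j] + t * b[j] for j in range(len(a))
    )
    return t if on_segment else None


def check_proposition_4_2(r, m, cycle, tail_prefix, tail_cycle):
    """With pi labelled by `cycle` and theta = tail_prefix . tail_cycle^omega,
    return (lambda(pi theta), t) where t is the weight of lambda(theta) in the
    convex combination with lambda(pi^omega). The proof predicts t = r^-k."""
    lam_theta = fry_pan_value(r, m, tail_prefix, tail_cycle)
    lam_pi_omega = periodic_value(r, m, cycle)
    lam_pi_theta = Lambda_word(r, cycle, lam_theta)
    return lam_pi_theta, convex_weight(lam_pi_theta, lam_pi_omega, lam_theta)


if __name__ == "__main__":
    # Constructed sample labels in basis r = 2 and dimension m = 2.
    print(periodic_value(2, 2, (1, 0)))
    print(fry_pan_value(2, 2, (0, 1), (1, 1)))
    print(check_proposition_4_2(2, 2, (1, 0), (0, 1), (1, 1)))
```

Because every value is a `Fraction`, the results are exact rationals, which is the rationality claim the section relies on.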

From the previous Proposition 4.2 we deduce the following Proposition 4.3.

Proposition 4.3. We have — conv(Ar,m(6'Q)). 

We deduce that there exists a minimal finite set Aq ^ {q) C such that 
Acm = conv(ylg.^). Note that an exhaustive computation of the whole set 
^ail) provides the set Aq ^{q) by removing vectors that are convex combina- 
tion of others. The efficiency of such an algorithm can be greatly improved by 
computing inductively subsets 0{q) C 0Q{q) and get rid of any fry-pan 9 G 0{q) 
as soon as it becomes a convex combination of other fry-pans in 0{q)\{9}. The 
algorithm Cycle is based on this idea. 

Corollary 4.4. The algorithm Cycle(G ,m) terminates by iterating the main 
while loop at most |r|l'3l times and it returns Aq ^. 



1 Cycle(G = (Q, Sr, T) be a m-graph, m G N\{0}) 

2 for each state q E Q 

if ^ 

let 9€0^{q) 
5 let 0{q) ^ {9} 

e else 

let 0{q) ^ 

8 while there exists t ~ {q,a,q') G T and 9' G 0{q') 

9 such that Ar^rn,a{K,m{9')) ^ COnv( Ar,m (©((j) ) ) 

10 if t9' is simple 

let 0{q) ^ 0{q) U {t9'} 

12 else 

13 let TT be the minimal strict prefix of t9' terminating in q 

14 let 9 be such that t9' = Tr9 
let 0{q) <- 6)(g) U{6',7r"} 

16 while there exists 9q e 0{q) 

IT such that conv(Ar,m('9('?))) = conv{Xr.,n{0{q)\{9o})) 

let 0(q) ^ eiq)\{9o} 
19 return Ar.mlG") /Mc^m 



5 Fix-point Computation 

In this section we prove that the minimal post-fix-point $\Gamma_{G,m}(C_0)$
is effectively rational polyhedral for any $m$-graph $G = (Q, \Sigma_r, T)$
and for any rational polyhedral initial valuation
$C_0 \in Q \to \mathcal{C}_m$. We deduce that the closed convex hull of sets
symbolically represented by arithmetic automata are effectively rational
polyhedral.

Example 5.1. Let $m = 1$ and $G = (\{q\}, \Sigma_r, \{t\})$ where
$t = (q, r-1, q)$ and $C_0(q) = \{0\}$. Observe that the sequence
$(C_i)_{i \in \mathbb{N}}$ where
$C_{i+1} = C_i \sqcup \Gamma_{G,m,t}(C_i)$ satisfies
$C_i(q) = \{x \in \mathbb{R} \mid 0 \leq x \leq r^i - 1\}$.

Recall that a Kleene iteration algorithm applied on the computation of
$\Gamma_{G,m}(C_0)$ consists in computing the beginning of the sequence
$(C_i)_{i \in \mathbb{N}}$ defined by the induction
$C_{i+1} = C_i \sqcup \bigsqcup_{t \in T} \Gamma_{G,m,t}(C_i)$ until an
integer $i$ such that $C_{i+1} = C_i$ is discovered. Then the algorithm
terminates and it returns $C_i$. In fact, in this case we have
$C_i = \Gamma_{G,m}(C_0)$. However, as proved by the previous Example 5.1 the
Kleene iteration does not terminate in general. Nevertheless we are going to
compute $\Gamma_{G,m}(C_0)$ by a Kleene iteration such that each $C_i$ is
safely enlarged into a $C_i'$ satisfying
$C_i \sqsubseteq C_i' \sqsubseteq \Gamma_{G,m}(C_0)$. This enlargement follows
the acceleration framework introduced in [LS07b, LS07a] that roughly consists
in computing the precise effect of iterating some cycles. This framework
motivates the introduction
of the monotonic function Fq^^ defined over the complete lattice (Q Cm, E) 
for any G ^ Q ^ Cm and for any g G Q by the following equality: 

r^nicm = U rr,r..ACiq)) 
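| $q$ | $C_{I,0}(q)$ | $\Gamma_{G_I,2}(C_{I,0})(q)$ |
|-----|--------------|------------------------------|
| 1 | $\{(0,0)\}$ | $\mathbb{R}_+(1,3)$ |
| 2 | $\emptyset$ | $(1,1) + \mathbb{R}_+(3,2)$ |
| 3 | $\emptyset$ | $\mathbb{R}_+(3,2)$ |
| 4 | $\emptyset$ | $(1,0) + \mathbb{R}_+(3,2)$ |
| 5 | $\emptyset$ | $(0,1) + \mathbb{R}_+(1,3)$ |
| 6 | $\emptyset$ | $(2,1) + \mathbb{R}_+(3,2)$ |
| 7 | $\emptyset$ | $(0,2) + \mathbb{R}_+(1,3)$ |
| 8 | $\emptyset$ | $\mathrm{conv}(\{(1,0),(1,2)\}) + \mathbb{R}_+(1,0) + \mathbb{R}_+(1,3)$ |
| 9 | $\emptyset$ | $(0,1) + \mathbb{R}_+(0,1) + \mathbb{R}_+(3,2)$ |

Table 1. The values of $C_{I,0}$ and $C_I = \Gamma_{G_I,2}(C_{I,0})$.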



The following Proposition 15.21 shows that r^mi^) effectively computable 
from C and the function A^m introduced in section [3l In this proposition, Gq 
denotes the graph G reduced to the strongly connected components of q. 

Proposition 5.2. For any C <E Q ^ Cm, and for any q ^ Q, we have: 

rZm{C){q)^C{q)+R+{C{q)-AG,U<l)) 

We now prove that the enlargement is sufficient to enforce the convergence 
of a Kleene iteration. 

Proposition 5.3. Let Cq C Cq C Ci C C( C . . . he the sequence defined by the 
induction Gi+i = C^' UteT ^G,m,t(Ci) and C[ = rQ^^^{Gi). There exists i < \Q\ 
satisfying Q+i = Ci. Moreover, for such an integer i we have Ci = rcmiGo). 

Proof. Observe that Gi C G- C rcmiGo) for any i g N. Thus, if there exists 
i GN such that C^+i — Gi we deduce that Gi = /^G,m(Co)- Finally, in order to 
get the equality C|q| — C|q|_i, just observe by induction over i that we have 
following equality for any (72 G Q: 

Ci{q2) = \_\ rG,m^aiaa2{Co{qi)) 

90 ^91 >91 >92 
kl| + l<T2|<i 

□ 

Example 5.4. Let us consider the 2-graph $G_I$ obtained from the 2-graph depicted 
in the center of Fig. 1 and restricted to the set of states $Q_I = \{1, \ldots, 9\}$. Let 
us also consider the function $C_{I,0} \in Q_I \to \mathcal{C}_2$ defined by $C_{I,0}(1) = \{(0,0)\}$ and 
$C_{I,0}(q) =$ for $q \in \{2, \ldots, 9\}$. Computing inductively the sequence 
$C_0 \sqsubseteq C_0' \sqsubseteq C_1 \sqsubseteq C_1' \sqsubseteq \ldots$ defined in Proposition 5.3 from $C_0 = C_{I,0}$ shows that Gq = C5 
(see Section G in the appendix). Moreover, this computation provides the value of 
$C_I = \Gamma_{G_I,2}(C_{I,0})$ (see Table 1). 

FixPoint($G = (Q, \Sigma_r, T)$ an $m$-graph, $m \in \mathbb{N} \setminus \{0\}$, $C_0 \in Q \to \mathcal{C}_m$) 
    let $C \leftarrow C_0$ 
    while there exists $t \in T$ such that $\Gamma_{G,m,t}(C) \not\sqsubseteq C$ 
        let $C \leftarrow C \sqcup \bigsqcup_{t \in T} \Gamma_{G,m,t}(C)$ 
    return $C$ 



Corollary 5.5. The algorithm FixPoint($G, m, C_0$) terminates by iterating the 
main while loop at most $|Q| - 1$ times. Moreover, the algorithm returns $\Gamma_{G,m}(C_0)$. 

From Propositions 3.4 and 3.5 and Corollaries 4.4 and 5.5 we get: 

Theorem 5.6. The closed convex hull of sets symbolically represented by arithmetic 
automata is rational polyhedral and computable in exponential time. 

Example 5.7. We follow notations introduced in Examples 3.1, 3.3 and 5.4. Observe 
that C/(8)-CD(a) = $\mathrm{conv}(\{(1,0),(1,2)\}) + \mathbb{R}_+(1,0) + \mathbb{R}_+(1,3)$ is exactly 
the closed convex hull of X = {x ∈ | 3x[1] > x[2]}. 
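
The claim of Example 5.7 can be checked numerically; the following is an added example, not code from the paper. It turns the generator form conv({(1,0),(1,2)}) + R+(1,0) + R+(1,3) into linear constraints and compares it with X on a bounded grid. It assumes that X ranges over N^2, which the text above does not show legibly; the names `halfplanes`, `in_X` and `check_example` are chosen here.

```python
from itertools import product
from math import gcd

# Generators quoted in Example 5.7: P = conv(VERTS) + cone(RAYS).
VERTS = [(1, 0), (1, 2)]
RAYS = [(1, 0), (1, 3)]

def dot(n, x):
    return n[0] * x[0] + n[1] * x[1]

def in_X(x):
    # Assumption: X = {x in N^2 | 3x[1] > x[2]} (domain not legible on the page).
    return x[0] >= 0 and x[1] >= 0 and 3 * x[0] > x[1]

def halfplanes(verts, rays):
    """Constraints n.x >= c of a full-dimensional 2D polyhedron given by generators.

    Every edge runs along a ray or along the difference of two vertices, so it
    is enough to try the lines through each vertex in those directions and keep
    the ones that have all vertices on one side and all rays pointing inwards.
    """
    dirs = list(rays) + [(q[0] - p[0], q[1] - p[1])
                         for p in verts for q in verts if p != q]
    found = set()
    for p, d in product(verts, dirs):
        for n in ((-d[1], d[0]), (d[1], -d[0])):   # the two normals of d
            c = dot(n, p)
            if all(dot(n, v) >= c for v in verts) and all(dot(n, r) >= 0 for r in rays):
                g = gcd(gcd(n[0], n[1]), c)        # scale to coprime integers
                found.add(((n[0] // g, n[1] // g), c // g))
    return found

def check_example(bound=30):
    hs = halfplanes(VERTS, RAYS)
    grid = [x for x in product(range(bound), range(3 * bound)) if in_X(x)]
    # X inside P: P is closed and convex, so it contains the closed convex hull.
    contained = all(dot(n, x) >= c for x in grid for n, c in hs)
    # P inside the hull: vertices are points of X and X is unbounded along each ray.
    tight = all(in_X((v[0] + k * r[0], v[1] + k * r[1]))
                for v in VERTS for r in RAYS for k in range(bound))
    return hs, contained, tight

if __name__ == "__main__":
    print(check_example())
```

The three constraints found are x[1] ≥ 1, x[2] ≥ 0 and 3x[1] − x[2] ≥ 1, the integer tightening of 3x[1] > x[2].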

6 Conclusion 

We have proved that the closed convex hull of sets symbolically represented by 
arithmetic automata is rational polyhedral. Our approach is based on acceleration 
in convex data-flow analysis. It provides a simple algorithm for computing 
this set. Compared to [Lat04], (1) our algorithm has the same worst-case exponential 
time complexity, (2) it is not limited to sets of the form ∩ C where 
C is a rational polyhedral convex set, (3) it can be applied to any set definable 
in FO(R, Z, +, <, X_r), (4) it can be easily implemented, and (5) it is not 
restricted to the most significant digit first decomposition. This last advantage 
comes directly from the class of arithmetic automata we consider. In fact, since 
the arithmetic automata can be non-deterministic, our algorithm can be applied 
to least significant digit first arithmetic automata just by flipping the direction 
of the transitions. Finally, from a practical point of view, as the arithmetic 
automata representing sets in the restricted logic FO(R, Z, +, <) (where X_r is 
discarded) have a very particular structure, we are confident that the exponential 
time complexity algorithm can be applied to automata with many states 
like the one presented in [Lat04]. The algorithm will be implemented in TaPAS 
[LP08] (The Talence Presburger Arithmetic Suite) as soon as possible. 

A Proof of Proposition 3.3 



Proposition 3.3. The valuation is the unique minimal valuation C € 

Q Cm such that Acm.tiC) Q C for any transition t G T and such that 
C{q) ^ for any state q ^ Q satisfying 0g{q) ^■ 

Proof. Let us first prove that C = cl o conv(Ar,m(6'G)) is a valuation in Q — > Gm 
such that AG,m,t{C) C C for any transition t £ T. We have the inclusion 
Ar,m,ai^r,miOGiq2))) ^ Ar,m (6*0 (^i ) ) for any transition (171,0,92) e T. As 
cloconv and Ar^m,a are commutative, the valuation C = cloconv(Ar,m(6'G)) 
satisfies ylG,m,t(C') C C for any transition t E T. 

Now, let us consider a valuation C E Q £,„ such that AG,m,t{C) ^ C 
for any transition t G T and such that C[q) ^ % for any state q G Q satisfying 
(^g{q) 7^ 0- Let us prove that cloconv(Ar,m(6'G)) E C As AG,m,t{C) E C for 
any transition t g T an immediate induction shows that Ar^m,a{C{q)) E C{q') 
for any finite path tt — {q ^ q'). Let us consider an infinite path 6 ~ {q ^ F). 
As F is non empty, there exists a state q' S F. Recall that F is the set of states 
visited infinitely often by the path 9. We deduce that there exists a cycle on q' 
and in particular Ociq') 7^ 0- This condition implies C{q') / 0. Thus there exists 
x' G C{q'). Moreover, as q' is visited infinitely often by 9, there exists a strictly 

w{l)...w{ij) . 

increasing sequence < io < ii < • • • of integers such that q > q . This 

path shows that the vector Xj = ^r',m,u)(i)...iu(ij)(2;') is in C{q). As limj^+oo Xj = 
\,m{w) and C{q) is closed we deduce that \r.m{w) £ C{q). We have proved that 
Ar,m(6>G) E C. Therefore cloconv(Ar,m(6)G)') EC. □ 

B Proof of Lemma 4.1 



Lemma 4.1. Ar,T?i(o'") is the unique fix-point of Ar^m^a for any a G . 

Proof. As a<j'^ and are equal, equality ^ page [7| shows that Xr,m{(y'^) is a 
fix-point of Ar^m,a- Moreover as the uniform form of the linear function Ar^m,a is 
equal to /lr,m,o we deduce that the uniform form of o- is equal to 'o- Since 
^rm o(^) — r^^x we have proved that the uniform form of g. is a; ^ r~^'^^x 
for any x £ E™. Moreover, as Xr.mio''^) is a fix-point of A™„-^ ^ we deduce that 
^7^m,ai^^ = •^'■,m(o-") + r'^''^ {x - Xr,m{a'^)) for any x G R"\ In particular, if x 
is a fix-point of Ar^m.a, we get x = Xr,m{<^'^) +r~l°'l (x — Ar^„j(o'"))- As r^l'"! ^ 1 
we obtain x — Xr^micr'^). □ 

C Proof of Proposition 4.3 



Proposition 4.3. We have Aq. 

Proof. From 0^{q) C 0G{q) we deduce the inclusion conv(Ar,jn(6*gi)) C AQ^^n- 
Let us prove the other inclusion. Observe that 0Q{q) is a finite set and in par- 
ticular conv(6'Q(g)) is a closed convex set for any q ^ Q. Let us consider the 
function $C \in Q \to \mathcal{C}_m$ defined by C = conv(Ar,Tn(6'Q)). From Proposition 4.2 
we deduce that AG,m,t{C) C C for any transition t €T. Note also that C{q) ^ 
for any state q € Q such that Og{i) 7^ 0- By minimality of vlcm we get the 
other inclusion vlcm QC . □ 

D An Additional Example For Section 4 



q                                                                                 -^Gi,2(g)
1    $(00)^\omega$, $(0111)^\omega$, $01(0010)^\omega$, $0100(11)^\omega$         {(0,0), (i,l))}
2    $1(00)^\omega$, $(1011)^\omega$, $101(0010)^\omega$, $10100(11)^\omega$      {(iO),(|,i))}
3    $(1110)^\omega$, $100(11)^\omega$, $1(0010)^\omega$                          {(i4).(il)}
4    $0(11)^\omega$, $(0100)^\omega$, $01011(00)^\omega$, $010(1101)^\omega$      {(ii),{(o,i)}
5    $11(00)^\omega$, $(1101)^\omega$, $(0010)^\omega$, $00(11)^\omega$           {(i,i),(|,o)}
6    $(11)^\omega$, $(0001)^\omega$, $0(1101)^\omega$, $011(00)^\omega$           {(1,1), (o,i)}
7    $(11)^\omega$, $(1000)^\omega$, $10(1101)^\omega$, $1011(00)^\omega$         {(1,0), (1,1)}

Table 2. Some values computed 




Fig. 3. An arithmetic automaton in basis 2 and in dimension 2. 



Example D.1. Let us consider the 2-graph $G$ labelled by $\Sigma_2$ and depicted in 
Fig. 3. We denote by $G_1$ the graph $G$ restricted to the strongly connected 
component $\{1, \ldots, 7\}$. By enumerating all the possible simple fry-pans 6*^^ {q) 
starting from a state $q$, observe that we get the values given in Table 2. This 
table only provides the labels of the fry-pans in order to simplify the presentation. 
However, the fry-pans can be recovered from their labels since the graph is 
deterministic. 

E Proof of Corollary 4.4 



Corollary 4.4. The algorithm Cycle(G,m) terminates by iterating the main 
while loop at most $|T|^{|Q|}$ times and it returns Aq ^. 

Proof. Observe that 0{q) C OqIq) for any state q at any step of the algorithm. 
Moreover, each time the while loop is executed, the set C{q) = conv(Ar.m(0(9))) 
strictly increases. Thus, the set {6 £ 0Q{q) \ ^r,m.{()) & C{q)} strictly increases 
each time the while loop is executed. Observe that a simple fry-pan 9 is uniquely 
determined from its $|Q|$ first transitions. Thus J2qeQ I^g('?)I — l^l'*^'. We deduce 
that the algorithm terminates after executing the while loop at most $|T|^{|Q|}$ times. 
Finally, let us prove that when the algorithm terminates it returns Aq ^. It is 
sufficient to show that C = Acm when it terminates. Note that the while loop 
condition is no longer valid. Thus Acm.tiC) C C for any transition t d T. As 
C{q) ^ % for any state q ^ Q such that Ociq) 7^ 0, by minimality of Acm we 
deduce that A^^^ C C. Thus C — Ac^m when the algorithm terminates. We 
deduce that the algorithm returns A*^ □ 

F Proof of Proposition 5.2 

We first prove the following two technical lemmas. 

Lemma F.1. For any $\sigma \in$ and for any $x \in$ we have: 

cloconv({rr,,„,^.(x) I i G N}) = 2; + R+(a; - Ar,m(cr'^)) 
Proof. As \r,m{(y'^) is a fix-point of the linear function F^^ j^ ^ji and as the uniform 
form of the linear function rj.„^^^i is I^rmO' '^^ deduce that r^„^ ,ji{x) = x + 
(yi^ - l){x - A^^„(cr'^)) for any i G N. As cloconv({r*^ - 1 | i G N}) = M+ 
we deduce the lemma. □ 

Lemma F.2. For any strongly connected $m$-graph $G = (Q, \Sigma_r, T)$ and for any 
state $q \in Q$, we have: 

^G,m(g) = clo conv({A,.^„j (cr") I q ^ > q}) 

Proof. Let C{q) = cl o conv({Ar^„i(cr") | q > q}) be defined for any 

q G Q. Note that for any cycle it — {q '^^ '' — > q) we have tt'^ G 0G^(q)- In 
particular \r,m{o'^) G ^G,m('?)- We deduce the inclusion C{q) C AG,m{q)- For 
the other inclusion, let us consider an infinite path q ^ F and let q' G F. Since 
F is the set of states visited infinitely often, there exists a strictly increasing 

w[l) . . .'w{ij ) . 

sequence of integers < io < ii < • • ■ such that q > q for any 

integer j > 0. As G is strongly connected, there exists a path q. The 

cycle q — ^ > q shows that the vector Xj = Xr,m{{w{l) . . . w{ij)a)'^) is 

in C{q). As limj^+oo Xj = )^r,miw) and C{q) is closed we have proved that 

Xr,m H GC{q). Thus AG,rn (q) C{q). □ 

Proposition 5.2. For any $C \in Q \to \mathcal{C}_m$, and for any $q \in Q$, we have: 

r^^^{C){q)=C{q)+R+{C{q)^AG„m{q)) 

Proof. Note that if there does not exist a. q ^ q then AG^^m{q) = and the 
previous equality is immediate. Otherwise, from Lemmas F.1 and F.2 we get the 
following equalities: 



rlrAC){q)^ □ Fr,„.AC{q)) 



q — >q 



□ □ cloconv({r,,„,,.(x) |zgN}) 



xeC{q) <Te(i;m) + 

q >q 



y y X + R+{x-Xr,rni<J^)) 



U x + M+(x~ylG„™(g)) 

x<£C{q) 

In particular we deduce that r^^rn('^){q) $\sqsubseteq C(q) + \mathbb{R}_+(C(q) - \Lambda_{G_q,m}(q))$. Conversely, 
let us consider $x \in C(q) + \mathbb{R}_+(C(q) - \Lambda_{G_q,m}(q))$. The vector $x$ can be 
decomposed into $x = c_1 + h(c_2 - z)$ where $c_1, c_2 \in C(q)$, $z \in \Lambda_{G_q,m}(q)$ and 
$h \in \mathbb{R}_+$. Let us denote by $c = \frac{1}{1+h}(c_1 + h c_2)$. As $C(q)$ is convex we deduce that 
$c \in C(q)$. From $x = c + h(c - z)$ we deduce that $x \in$ r'^„(C)(g). □ 

[Table: successive valuations $C_0, C_0', C_1, C_1', \ldots, C_5$, one row per valuation. The column positions, four of the row labels and the legend for the abbreviations L, L', D, D' did not survive extraction; the surviving column headers are 2, 5, 6, 7, 8. Surviving entries of each row, in their original order:]

$C_0$:    {(0,0)}
$C_0'$:   L
$C_1$:    L;  L';  (0,1)+R+(0,1)
$C_1'$:   L;  L';  (0,1)+/?'
(label missing):  L;  L';  (0,1)+L;  (0,1)+D'
(label missing):  L;  L';  (0,1)+L;  (1,1) + ^;  (0,1)+D'
$C_3$:    L;  L';  (1,0)+L';  (0,1)+L;  conv({(1,0),(1,1)}) + Li;  (0,1)+D'
(label missing):  L;  L';  (1,0)+L';  (0,1)+L;  conv({(1,0),(1,1)}) + i?;  (0,1)+D'
$C_4$:    L;  (1,1) + ^';  L';  (1,0)+L';  (0,1)+L;  (0,2)+L;  conv({(1,0),(1,2)}) + i?;  (0,1)+D'
(label missing):  L;  L';  (1,0)+L';  (0,1)+L;  (0,2)+L;  conv({(1,0),(1,2)}) + i^;  (0,1)+D'
$C_5$:    L;  L';  (1,0)+L';  (0,1)+L;  (2,1) + i';  (0,2)+L;  conv({(1,0),(1,2)}) + D;  (0,1)+D'